Netgate SG-1000 microFirewall

Author Topic: IPSec failing Phase 2  (Read 218 times)

0 Members and 1 Guest are viewing this topic.

Offline chaunold

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
IPSec failing Phase 2
« on: January 02, 2018, 09:52:01 am »
Hello everyone! I've been working on implementing IPSec on my PfSense box, but I just haven't really had any luck at all with it and I been reading through forums and documentation for days and still haven't came up with a working solution. Would appreciate any help to get my VPN server up and running! :D If I disable my Phase 2 entry, I can connect to the VPN server just fine. But it seems when I enable Phase 2, that's where I run into lots of issues. I've tried countless things like changing and experimenting around with the crypto settings on my Phase 2 and also Phase 1.

Here are my current Phase 1 settings:

Mutual PSK + xauth (yes i know, this will be changed later once I get this working :P)

Main Mode

Identifier: My IP address

Peer Identifier: Any

AES 256 SHA1 DH Group 14 (2048 bit) Lifetime: 3600

Phase 2:

Network 192.168.0.0/22

NAT/BINAT None

ESP

AES 256

DH Group 14

Hash: SHA1

Like I said, I played around trying to change my crypto settings on Phase 1 and Phase 2 but no luck. I am using an iPad Pro running iOS 11 as my test unit. Here are some of my IPSec Logs:

Jan 2 10:16:54    charon: 14[CFG] <con1|13> lease 192.168.9.1 by 'c.beta' went offline
Jan 2 10:16:54    charon: 14[IKE] <con1|13> IKE_SA con1[13] state change: DELETING => DESTROYING
Jan 2 10:16:54    charon: 14[IKE] <con1|13> IKE_SA con1[13] state change: DELETING => DELETING
Jan 2 10:16:54    charon: 14[IKE] <con1|13> IKE_SA con1[13] state change: ESTABLISHED => DELETING
Jan 2 10:16:54    charon: 14[IKE] <con1|13> deleting IKE_SA con1[13] between 99.172.zzz.zzz[99.172.zzz.zzz]...166.172.58.143[192.168.1.64]
Jan 2 10:16:54    charon: 14[IKE] <con1|13> received DELETE for IKE_SA con1[13]
Jan 2 10:16:54    charon: 14[ENC] <con1|13> parsed INFORMATIONAL_V1 request 1226564744 [ HASH D ]
Jan 2 10:16:54    charon: 14[NET] <con1|13> received packet: from 166.172.58.143[38643] to 99.172.zzz.zzz[4500] (92 bytes)
Jan 2 10:16:53    charon: 14[IKE] <con1|13> nothing to initiate
Jan 2 10:16:53    charon: 14[IKE] <con1|13> activating new tasks
Jan 2 10:16:53    charon: 14[ENC] <con1|13> parsed INFORMATIONAL_V1 request 287279936 [ HASH N(DPD_ACK) ]
Jan 2 10:16:53    charon: 14[NET] <con1|13> received packet: from 166.172.58.143[38643] to 99.172.zzz.zzz[4500] (92 bytes)
Jan 2 10:16:53    charon: 14[IKE] <con1|13> nothing to initiate
Jan 2 10:16:53    charon: 14[IKE] <con1|13> activating new tasks
Jan 2 10:16:53    charon: 14[NET] <con1|13> sending packet: from 99.172.zzz.zzz[4500] to 166.172.58.143[38643] (92 bytes)
Jan 2 10:16:53    charon: 14[ENC] <con1|13> generating INFORMATIONAL_V1 request 1586030699 [ HASH N(DPD) ]
Jan 2 10:16:53    charon: 14[IKE] <con1|13> activating ISAKMP_DPD task
Jan 2 10:16:53    charon: 14[IKE] <con1|13> activating new tasks
Jan 2 10:16:53    charon: 14[IKE] <con1|13> queueing ISAKMP_DPD task
Jan 2 10:16:53    charon: 14[IKE] <con1|13> sending DPD request
Jan 2 10:16:53    charon: 14[IKE] <con1|13> received retransmit of request with ID 1621439060, but no response to retransmit
Jan 2 10:16:53    charon: 14[NET] <con1|13> received packet: from 166.172.58.143[38643] to 99.172.zzz.zzz[4500] (300 bytes)
Jan 2 10:16:50    charon: 14[IKE] <con1|13> received retransmit of request with ID 1621439060, but no response to retransmit
Jan 2 10:16:50    charon: 14[NET] <con1|13> received packet: from 166.172.58.143[38643] to 99.172.zzz.zzz[4500] (300 bytes)
Jan 2 10:16:46    charon: 14[IKE] <con1|13> received retransmit of request with ID 1621439060, but no response to retransmit
Jan 2 10:16:46    charon: 14[NET] <con1|13> received packet: from 166.172.58.143[38643] to 99.172.zzz.zzz[4500] (300 bytes)
Jan 2 10:16:43    charon: 14[IKE] <con1|13> nothing to initiate
Jan 2 10:16:43    charon: 14[IKE] <con1|13> activating new tasks
Jan 2 10:16:43    charon: 14[NET] <con1|13> sending packet: from 99.172.zzz.zzz[4500] to 166.172.58.143[38643] (76 bytes)
Jan 2 10:16:43    charon: 14[ENC] <con1|13> generating INFORMATIONAL_V1 request 215746866 [ HASH N(NO_PROP) ]
Jan 2 10:16:43    charon: 14[IKE] <con1|13> activating INFORMATIONAL task
Jan 2 10:16:43    charon: 14[IKE] <con1|13> activating new tasks
Jan 2 10:16:43    charon: 14[IKE] <con1|13> queueing INFORMATIONAL task
Jan 2 10:16:43    charon: 14[IKE] <con1|13> no matching proposal found, sending NO_PROPOSAL_CHOSEN
Jan 2 10:16:43    charon: 14[CFG] <con1|13> configured proposals: ESP:AES_CBC_256/HMAC_MD5_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_MD5_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_MD5_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_MD5_96/MODP_1024/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
Jan 2 10:16:43    charon: 14[CFG] <con1|13> received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable INTEGRITY_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable INTEGRITY_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable INTEGRITY_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable DIFFIE_HELLMAN_GROUP found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable DIFFIE_HELLMAN_GROUP found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable INTEGRITY_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable INTEGRITY_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable INTEGRITY_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable INTEGRITY_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable DIFFIE_HELLMAN_GROUP found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable DIFFIE_HELLMAN_GROUP found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable INTEGRITY_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable INTEGRITY_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable INTEGRITY_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable INTEGRITY_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable DIFFIE_HELLMAN_GROUP found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable ENCRYPTION_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable DIFFIE_HELLMAN_GROUP found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> no acceptable INTEGRITY_ALGORITHM found
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting proposal:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> config: 192.168.0.0/32|/0, received: 0.0.0.0/0|/0 => match: 192.168.0.0/32|/0
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting traffic selectors for us:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> config: 192.168.9.1/32|/0, received: 192.168.9.1/32|/0 => match: 192.168.9.1/32|/0
Jan 2 10:16:43    charon: 14[CFG] <con1|13> selecting traffic selectors for other:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> found matching child config "con1" with prio 6
Jan 2 10:16:43    charon: 14[CFG] <con1|13> candidate "con1" with prio 1+5
Jan 2 10:16:43    charon: 14[CFG] <con1|13> 192.168.9.1/32|/0
Jan 2 10:16:43    charon: 14[CFG] <con1|13> proposing traffic selectors for other:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> 192.168.0.0/32|/0
Jan 2 10:16:43    charon: 14[CFG] <con1|13> proposing traffic selectors for us:
Jan 2 10:16:43    charon: 14[CFG] <con1|13> looking for a child config for 0.0.0.0/0|/0 === 192.168.9.1/32|/0
Jan 2 10:16:43    charon: 14[ENC] <con1|13> parsed QUICK_MODE request 1621439060 [ HASH SA No ID ID ]
Jan 2 10:16:43    charon: 14[NET] <con1|13> received packet: from 166.172.58.143[38643] to 99.172.zzz.zzz[4500] (300 bytes)
Jan 2 10:16:40    charon: 14[IKE] <con1|13> QUICK_MODE request with message ID 1621439060 processing failed
Jan 2 10:16:40    charon: 14[NET] <con1|13> sending packet: from 99.172.zzz.zzz[4500] to 166.172.58.143[38643] (76 bytes)
Jan 2 10:16:40    charon: 14[ENC] <con1|13> generating INFORMATIONAL_V1 request 4280129895 [ HASH N(INVAL_HASH) ]
Jan 2 10:16:40    charon: 14[IKE] <con1|13> integrity check failed
Jan 2 10:16:40    charon: 14[ENC] <con1|13> received HASH payload does not match
Jan 2 10:16:40    charon: 14[ENC] <con1|13> parsed QUICK_MODE request 1621439060 [ HASH SA No ID ID ]
Jan 2 10:16:40    charon: 14[NET] <con1|13> received packet: from 166.172.58.143[38643] to 99.172.zzz.zzz[4500] (300 bytes)
Jan 2 10:16:37    charon: 14[IKE] <con1|13> QUICK_MODE request with message ID 1621439060 processing failed
Jan 2 10:16:37    charon: 14[NET] <con1|13> sending packet: from 99.172.zzz.zzz[4500] to 166.172.58.143[38643] (76 bytes)
Jan 2 10:16:37    charon: 14[ENC] <con1|13> generating INFORMATIONAL_V1 request 4157428004 [ HASH N(INVAL_HASH) ]
Jan 2 10:16:37    charon: 14[IKE] <con1|13> integrity check failed
Jan 2 10:16:37    charon: 14[ENC] <con1|13> received HASH payload does not match
Jan 2 10:16:37    charon: 14[ENC] <con1|13> parsed QUICK_MODE request 1621439060 [ HASH SA No ID ID ]
Jan 2 10:16:37    charon: 14[NET] <con1|13> received packet: from 166.172.58.143[38643] to 99.172.zzz.zzz[4500] (300 bytes)

I am a bit still new when it comes to IPSec so please forgive me if I'm missing something completely obvious! Thanks in advanced guys!  ;D

Offline chaunold

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: IPSec failing Phase 2
« Reply #1 on: January 16, 2018, 01:51:27 pm »
Well my solution was to end up using an Aruba 3200 controller as a VPN Server. Problem solved..